112 FastIron Configuration Guide
53-1002494-02
Remote access to management function restrictions
You can restrict access to management functions from remote sources, including Telnet, the Web
Management Interface, and SNMP. The following methods for restricting remote access are
supported:
• Using ACLs to restrict Telnet, Web Management Interface, or SNMP access
• Allowing remote access only from specific IP addresses
• Allowing Telnet and SSH access only from specific MAC addresses
• Allowing remote access only to clients connected to a specific VLAN
• Specifically disabling Telnet, Web Management Interface, or SNMP access to the device
The following sections describe how to restrict remote access to a Brocade device using these
methods.
ACL usage to restrict remote access
You can use standard ACLs to control the following access methods to management functions on a
Brocade device:
• Telnet
• SSH
• Web management
• SNMP
To configure access control for these management access methods, perform the following steps.
1. Configure an ACL with the IP addresses you want to allow to access the device.
2. Configure a Telnet access group, SSH access group, Web access group, and SNMP community
strings. Each of these configuration items accepts an ACL as a parameter. The ACL contains
entries that identify the IP addresses that can use the access method.
The following sections present examples of how to secure management access using ACLs. Refer
to Chapter 40, “Rule-Based IP ACLs” for more information on configuring ACLs.
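The following check is an added example, not part of the Brocade guide: it audits a saved configuration to confirm that each management access method from the two steps above is bound to an ACL that is actually defined. The command forms it parses (`telnet access-group`, `ssh access-group`, `web access-group`, `snmp-server community ... ro|rw <acl>`) do not appear on this page and are assumed FastIron CLI syntax; the sample configuration is constructed and the function name is hypothetical.

```python
import re

# Constructed sample configuration (assumed FastIron command forms, not from this page).
SAMPLE_CONFIG = """\
access-list 10 permit host 10.157.22.32
access-list 10 permit 10.157.23.0 0.0.0.255
access-list 10 deny any
telnet access-group 10
ssh access-group 12
snmp-server community example-ro ro 10
snmp-server community example-rw rw
"""

def audit_mgmt_acls(config):
    """Return findings for management access methods not bound to a defined ACL."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    # Step 1 of the procedure: numbered ACLs that exist in the configuration.
    defined = {m.group(1) for ln in lines
               if (m := re.match(r"access-list (\d+) (?:permit|deny)\b", ln))}
    findings = []
    # Step 2: Telnet, SSH and Web access groups each take an ACL as a parameter.
    for method in ("telnet", "ssh", "web"):
        bound = [m.group(1) for ln in lines
                 if (m := re.match(rf"{method} access-group (\S+)$", ln))]
        if not bound:
            findings.append(f"{method}: no access-group configured")
        for acl in bound:
            if acl not in defined:
                findings.append(f"{method}: access-group {acl} references an undefined ACL")
    # Step 2, SNMP: the ACL is the token that follows the ro/rw keyword.
    communities = [ln.split() for ln in lines if ln.startswith("snmp-server community ")]
    for n, tokens in enumerate(communities, start=1):
        modes = [i for i, t in enumerate(tokens) if i > 2 and t in ("ro", "rw")]
        if not modes:
            continue  # unrecognised form; leave it for manual review
        mode, acl = tokens[modes[-1]], tokens[modes[-1] + 1:]
        # Findings identify the community by position so the string is never echoed.
        if not acl:
            findings.append(f"snmp community {n} ({mode}): no ACL attached")
        elif acl[0] not in defined:
            findings.append(f"snmp community {n} ({mode}): ACL {acl[0]} is undefined")
    return findings

if __name__ == "__main__":
    for finding in audit_mgmt_acls(SAMPLE_CONFIG):
        print(finding)
```

A method reported as having no access group may still be restricted by one of the other methods listed at the start of this section, such as a management VLAN or disabling the service.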
TABLE 20 Ways to secure management access to Brocade devices (Continued)

Access method | How the access method is secured by default | Ways to secure the access method | See page
TFTP access | Not secured | Allow TFTP access only to clients connected to a specific VLAN | page 120
 | | Disable TFTP access | page 124
Access for Stacked Devices | Access to multiple consoles must be secured after AAA is enabled | Extra steps must be taken to secure multiple consoles in an IronStack. | page 140